Zero-Day in MacOS Could Reveal Keychain Passwords

A new MacOS exploit, dubbed “KeySteal,” has been developed by German researcher Linus Henze to exploit a vulnerability that allows a malicious app running on a vulnerable system to access the passwords stored inside the MacOS password management system Keychain. Apple has not yet addressed the vulnerability. The NJCCIC recommends reviewing the Forbes article on the zero-day and updating MacOS devices when a patch becomes available.

AdvisoryNJCCICZero-Day, macOS